For security reasons, Cigna.com no longer supports your browser version. Please update your browser, or use an alternative browser such as Google Chrome, Microsoft Edge, or Mozilla Firefox for the best Cigna.com experience.
In 2020, the Center for Medicare and Medicaid Services (CMS) enacted the Interoperability and Patient Access Rule (CMS Interoperability Rule). This rule enables customers of certain health plans to easily access their claims and information about their visits with providers, including cost and certain specified clinical information maintained by their plans, through third-party applications (Apps) of their choice.
Sharing Your Data
The CMS Interoperability Rule enables customers of certain plans to access their health care data through a number of different health care applications. As a result, customers have the ability to view their health care data and share their health care data in new ways with other parties, such as providers or caregivers.
In order to enable a customer to use an application to access their health care data, the third party application developer must first connect with Cigna’s system. The customer using the application then may authorize the application to request access to the customer’s data. Consistent with privacy laws, Cigna protects customers’ health care data when it is in Cigna's systems and in connection with its transfer to third parties like applications that customers may use.
These third party applications that customers use to access to their health care data are not Cigna companies and are not subcontractors for Cigna companies. Cigna cannot, and does not, control the actions of external applications customers may use to access their health care data.
As a result, once you authorize the third party application to access your health information, Cigna cannot protect or monitor the maintenance, use, or disclosure of your information. This means, for example, that Cigna cannot, and does not, guarantee that any third party application will maintain the privacy and security of your health care data.
You can use the resources below to understand how to protect the privacy and security of your health information while considering whether to use a particular third party application to access your health care data.
Special considerations if you are part of an enrollment group in an Individual or Family Plan
If you are part of an enrollment group under a Qualified Health Plan (QHP) on a Federally- Facilitated Exchange (FFE), please be aware that your data may be combined with other members of their tax household. This means that other individuals on their plan may be able to access their data. Cigna’s policy for Individual and Family Plans is that individuals cannot access data from other members of their household unless they are the parent of a minor child or a personal representative of a family member.
If you are an enrollee of a Cigna Individual or Family Plan, please refer to our privacy forms for guidance on how to modify access to your data.
Selecting an Application
Questions about your health care data to consider as you select an application:
- What data will this app collect? Will this app collect non-health care data from my device, such as my location?
- Will my data be stored in a de-identified or anonymized form?
- How will this app use my data?
- Will this app disclose my data to third parties?
- Will this app share my data for any reason, such as advertising or research? If so, with whom? For what purpose?
- How can I limit this app’s use and disclosure of my data?
- What security measures does this app use to protect my data?
- What impact could sharing my data with this app have on others, such as my family members?
- How can I access my data and correct inaccuracies in data retrieved by this app?
- Does this app have a process for collecting and responding to user complaints?
- If I no longer want to use this app, or if I no longer want this app to have access to my data, how do I terminate the app’s access to my data?
- What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
- How does this app inform users of changes that could affect its privacy practices?
Cigna’s application attestation process
Cigna requests application developers attest to a code of conduct that was created by the Creating Access to Real-time Information Now (CARIN) Alliance. The CARIN Alliance is a group of stakeholders representing hospitals, physicians, caregivers, and patients. The CARIN Alliance Code of Conduct sets standards for how consumer health care data will be utilized and protected. The Code of Conduct also requires organizations to be transparent with individuals regarding the application’s use of and security measures protecting an individual’s health care data.
Applications Approved1 to Access Cigna Data
Apps that completed the CARIN Alliance Code of Conduct bear a special symbol(*) to show they attested to protecting your privacy. Apps that do not bear this symbol have not completed a privacy attestation through the CARIN Alliance.
Applications may begin applying 1/1/2021. Cigna has no approved applications at this time.
Applications and HIPAA
Additional HIPAA Information:
Applications and Federal Trade Commission Oversight
Most applications will be regulated by the Federal Trade Commission (FTC). The law that governs application behavior is the Federal Trade Commission Act. This law prohibits, among other things, applications that deceive customers. An example of a deceptive act would be an application that shares an individual’s data without permission even if they have policy that states they will not do so.
Applications That Act in an Inappropriate Manner
If you feel that your data has been breached or used in an inappropriate manner, please email Cigna’s Privacy Office or write to:
PO Box 188014
Chattanooga, TN 37422
1Applications that are approved may not be prepared for customer requests. Please contact the application customer service directly with any questions.